Merge pull request #9 from bit4woo/dev

tuning the logic of display some menus
tuning the logic of "Update Cookie" & "Set Cookie"
To support multiple selection for some menus

Author: bit4woo

src/burp/BurpExtender.java

@@ -19,6 +19,16 @@
 import config.ConfigTable;
 import config.ConfigTableModel;
 import config.GUI;
+import hackbar.File_Payload_Menu;
+import hackbar.LFI_Menu;
+import hackbar.Reverse_Shell_Menu;
+import hackbar.SQL_Error;
+import hackbar.SQL_Menu;
+import hackbar.SQli_LoginBypass;
+import hackbar.SSTI_Menu;
+import hackbar.WebShell_Menu;
+import hackbar.XSS_Menu;
+import hackbar.XXE_Menu;
 import knife.*;
 
 public class BurpExtender extends GUI implements IBurpExtender, IContextMenuFactory, ITab, IHttpListener,IProxyListener,IExtensionStateListener {
@@ -77,7 +87,12 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
 
 
 		byte context = invocation.getInvocationContext();
-		menu_list.add(new DismissMenu(this));
+		
+		String dismissed  = this.tableModel.getConfigByKey("DismissedHost");
+		if (dismissed != null) {
+			menu_list.add(new DismissMenu(this));
+		}
+
 		menu_list.add(new AddHostToScopeMenu(this));
 		menu_list.add(new OpenWithBrowserMenu(this));
 		menu_list.add(new RunSQLMap(this));
@@ -86,8 +101,9 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
 		if (context == IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST) {
 
 			menu_list.add(new UpdateCookieMenu(this));
-			menu_list.add(new UpdateCookieWithHistoryMenu(this));
-
+			if (this.config.getUsedCookie()!=null){
+				menu_list.add(new UpdateCookieWithHistoryMenu(this));
+			}
 
 			UpdateHeaderMenu uhmenu = new UpdateHeaderMenu(this);
 			List<String> pHeaders = uhmenu.possibleHeaderNames(invocation);
@@ -98,7 +114,10 @@ public List<JMenuItem> createMenuItems(IContextMenuInvocation invocation) {
 		}
 
 		menu_list.add(new SetCookieMenu(this));
-		menu_list.add(new SetCookieWithHistoryMenu(this));
+		if (this.config.getUsedCookie() != null){
+			menu_list.add(new SetCookieWithHistoryMenu(this));
+		}
+
 
 		JMenu Hack_Bar_Menu = new JMenu("^_^ Hack Bar++");
 		Hack_Bar_Menu.add(new SQL_Menu(this));
@@ -176,17 +195,19 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
 		}
 
 		//当函数第一次被调用时，还没来得及设置cookie，获取到的cookieToSet必然为空。
-		String cookieToSet = config.getTmpMap().get("cookieToSet");
+		HashMap<String, HeaderEntry> cookieToSetMap = config.getSetCookieMap();
 		//stderr.println("called"+cookieToSet);
-		if (cookieToSet != null){//第二次调用如果cookie不为空，就走到这里
-			String targetUrl = cookieToSet.split(CookieUtils.SPLITER)[0];
-			String originUrl = cookieToSet.split(CookieUtils.SPLITER)[1];
-			String cookieValue = cookieToSet.split(CookieUtils.SPLITER)[2];
+		if (cookieToSetMap != null && !cookieToSetMap.isEmpty()){//第二次调用如果cookie不为空，就走到这里
 
 			IHttpRequestResponse messageInfo = message.getMessageInfo();
 			String CurrentUrl = messageInfo.getHttpService().toString();
 			//stderr.println(CurrentUrl+" "+targetUrl);
-			if (targetUrl.equalsIgnoreCase(CurrentUrl)){
+			HeaderEntry cookieToSet = cookieToSetMap.get(CurrentUrl);
+			if (cookieToSet != null){
+				
+				String targetUrl = cookieToSet.getTargetUrl();
+				String cookieValue = cookieToSet.getHeaderValue();
+				
 				if (messageIsRequest) {
 					byte[] newRequest = CookieUtils.updateCookie(messageInfo,cookieValue);
 					messageInfo.setRequest(newRequest);
@@ -200,9 +221,7 @@ public void processProxyMessage(boolean messageIsRequest, IInterceptedProxyMessa
 					byte[] response = helpers.buildHttpMessage(responseHeaders,responseBody);
 
 					messageInfo.setResponse(response);
-					config.getTmpMap().remove("cookieToSet");//only need to set once
-					config.getTmpMap().put("cookieToSetHistory",cookieToSet);//store used cookie, change name to void change every request of host
-					//临时换名称存储，避免这个参数影响这里的逻辑，导致域名下的每个请求都会进行该操作。
+					cookieToSetMap.remove(CurrentUrl);//only need to set once
 				}
 			}
 
@@ -344,144 +363,6 @@ public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequ
 		}
 	}
 
-	@Deprecated
-	public void processHttpMessageWithEditor(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
-		//messageeditor
-		synchronized (messageInfo) {
-			if (messageIsRequest) {
-
-				boolean isRequestChanged = false;
-				MessageEditor editer = new MessageEditor(messageIsRequest, messageInfo, helpers);
-
-				URL url = editer.getURL();
-				String path = url.getPath();
-				String host = editer.getHost();
-				byte[] body = editer.getBody();
-				LinkedHashMap<String, String> headers = editer.getHeaderMap();//this will lost the first line
-
-
-				//remove header
-				List<ConfigEntry> configEntries = tableModel.getConfigByType(ConfigEntry.Action_Remove_From_Headers);
-				for (ConfigEntry entry : configEntries) {
-					String key = entry.getKey();
-					if (headers.remove(key) != null) {
-						isRequestChanged = true;
-					}
-				}
-
-				if (config.getTmpMap().containsKey(host)) {//自动更新cookie
-					String cookieValue = config.getTmpMap().get(host);
-					String[] values = cookieValue.split("::::");
-					String trueCookie = values[1];
-					headers.put("Cookie", trueCookie);
-					isRequestChanged = true;
-				}
-
-				//add/update/append header
-				if (toolFlag == (toolFlag & checkEnabledFor())) {
-					//if ((config.isOnlyForScope() && callbacks.isInScope(url))|| !config.isOnlyForScope()) {
-					if (!config.isOnlyForScope()||callbacks.isInScope(url)){
-						try {
-							List<ConfigEntry> updateOrAddEntries = tableModel.getConfigEntries();
-							for (ConfigEntry entry : updateOrAddEntries) {
-								String key = entry.getKey();
-								String value = entry.getValue();
-
-								if (value.contains("%host")) {
-									value = value.replaceAll("%host", host);
-									//stdout.println("3333"+value);
-								}
-
-								if (value.toLowerCase().contains("%dnslogserver")) {
-									String dnslog = tableModel.getConfigByKey("DNSlogServer");
-									Pattern p = Pattern.compile("(?u)%dnslogserver");
-									Matcher m = p.matcher(value);
-
-									while (m.find()) {
-										String found = m.group(0);
-										value = value.replaceAll(found, dnslog);
-									}
-								}
-
-								if (entry.getType().equals(ConfigEntry.Action_Add_Or_Replace_Header) && entry.isEnable()) {
-									headers.put(key, value);
-									isRequestChanged = true;
-
-								} else if (entry.getType().equals(ConfigEntry.Action_Append_To_header_value) && entry.isEnable()) {
-									value = headers.get(key) + value;
-									headers.put(key, value);
-									isRequestChanged = true;
-									//stdout.println("2222"+value);
-								} else if (entry.getKey().equalsIgnoreCase("Chunked-AutoEnable") && entry.isEnable()) {
-									headers.put("Transfer-Encoding", "chunked");
-									isRequestChanged = true;
-
-									try {
-										boolean useComment = false;
-										if (this.tableModel.getConfigByKey("Chunked-UseComment") != null) {
-											useComment = true;
-										}
-										String lenStr = this.tableModel.getConfigByKey("Chunked-Length");
-										int len = 10;
-										if (lenStr != null) {
-											len = Integer.parseInt(lenStr);
-										}
-										body = Methods.encoding(body, len, useComment);
-										editer.setBody(body);
-									} catch (UnsupportedEncodingException e) {
-										e.printStackTrace(stderr);
-									}
-								}
-							}
-
-
-							///proxy function should be here
-							//reference https://support.portswigger.net/customer/portal/questions/17350102-burp-upstream-proxy-settings-and-sethttpservice
-							String proxy = this.tableModel.getConfigByKey("Proxy-ServerList");
-							String mode = this.tableModel.getConfigByKey("Proxy-UseRandomMode");
-
-							if (proxy != null) {//if enable is false, will return null.
-								List<String> proxyList = Arrays.asList(proxy.split(";"));//如果字符串是以;结尾，会被自动丢弃
-
-								if (mode != null) {//random mode
-									proxyServerIndex = (int) (Math.random() * proxyList.size());
-									//proxyServerIndex = new Random().nextInt(proxyList.size());
-								} else {
-									proxyServerIndex = (proxyServerIndex + 1) % proxyList.size();
-								}
-								String proxyhost = proxyList.get(proxyServerIndex).split(":")[0].trim();
-								int port = Integer.parseInt(proxyList.get(proxyServerIndex).split(":")[1].trim());
-								editer.setService(
-										helpers.buildHttpService(proxyhost, port, messageInfo.getHttpService().getProtocol()));
-								String firstrline = editer.getFirstLineOfHeader().replaceFirst(path, url.toString().split("\\?",0)[0]);
-								editer.setFirstLineOfHeader(firstrline);
-								isRequestChanged = true;
-								//success or failed,need to check?
-							}
-						} catch (Exception e) {
-							e.printStackTrace(stderr);
-						}
-					}
-				}
-				//set final request
-				editer.setHeaderMap(headers);
-				messageInfo = editer.getMessageInfo();
-
-				if (isRequestChanged) {
-					//debug
-					List<String> finalheaders = helpers.analyzeRequest(messageInfo).getHeaders();
-					//List<String> finalheaders = editer.getHeaderList();//error here:bodyOffset getted twice are different
-					stdout.println(System.lineSeparator() + "//////////edited request by knife//////////////" + System.lineSeparator());
-					for (String entry : finalheaders) {
-						stdout.println(entry);
-					}
-				}
-			}
-		}//sync
-	}
-
-
-
 	public List<String> GetSetCookieHeaders(String cookies){
 		if (cookies.startsWith("Cookie: ")){
 			cookies = cookies.replaceFirst("Cookie: ","");
@@ -498,6 +379,7 @@ public List<String> GetSetCookieHeaders(String cookies){
 
 	public boolean isDismissedHost(String host){
 		String dissmissed  = tableModel.getConfigByKey("DismissedHost");
+		if (dissmissed == null) return false;//表示配置被禁用了
 		String[] dissmissedHosts = dissmissed.split(",");
 		Iterator<String> it = Arrays.asList(dissmissedHosts).iterator();
 		while (it.hasNext()){

src/burp/Getter.java

@@ -57,6 +57,7 @@ public String getHeaderString(boolean messageIsRequest,IHttpRequestResponse mess
 	public LinkedHashMap<String,String> getHeaderHashMap(boolean messageIsRequest,IHttpRequestResponse messageInfo) {
 		List<String> headers = getHeaderList(messageIsRequest,messageInfo);
 		LinkedHashMap<String,String> result = new LinkedHashMap<String, String>();
+		if (headers.size() <=0) return result;
 		headers.remove(0);
 		for (String header : headers) {
 			try {

src/burp/Utils.java

@@ -1,5 +1,9 @@
 package burp;
 
+import java.awt.Desktop;
+import java.net.URI;
+import java.net.URL;
+
 public class Utils {
     public static boolean isWindows() {
     	String OS_NAME = System.getProperties().getProperty("os.name").toLowerCase();
@@ -9,4 +13,29 @@ public static boolean isWindows() {
         	return false;
         }
     }
+    
+    
+    public static void browserOpen(Object url,String browser) throws Exception{
+		String urlString = null;
+		URI uri = null;
+		if (url instanceof String) {
+			urlString = (String) url;
+			uri = new URI((String)url);
+		}else if (url instanceof URL) {
+			uri = ((URL)url).toURI();
+			urlString = url.toString();
+		}
+		if(browser == null ||browser.equalsIgnoreCase("default") || browser.equalsIgnoreCase("")) {
+			//whether null must be the first
+			Desktop desktop = Desktop.getDesktop();
+			if(Desktop.isDesktopSupported()&&desktop.isSupported(Desktop.Action.BROWSE)){
+				desktop.browse(uri);
+			}
+		}else {
+			Runtime runtime = Runtime.getRuntime();
+			runtime.exec(browser+" "+urlString);
+			//C:\Program Files\Mozilla Firefox\firefox.exe
+			//C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
+		}
+	}
 }

src/config/Config.java

@@ -9,14 +9,16 @@
 import com.alibaba.fastjson.annotation.JSONField;
 
 import burp.IBurpExtenderCallbacks;
+import knife.HeaderEntry;
 
 public class Config {
 
 	private String ConfigName = "";
 	private List<String> stringConfigEntries = new ArrayList<String>();// get from configTableModel
 	private int enableStatus = IBurpExtenderCallbacks.TOOL_PROXY;
 	private boolean onlyForScope = true;
-	private HashMap<String,String> tmpMap = new HashMap<String,String>();
+	private HashMap<String,HeaderEntry> setCookieMap = new HashMap<String,HeaderEntry>();
+	private HeaderEntry usedCookie = null;
 
 	Config(){
     	//to resolve "default constructor not found" error
@@ -58,14 +60,23 @@ public void setOnlyForScope(boolean onlyForScope) {
 		this.onlyForScope = onlyForScope;
 	}
 
-	public HashMap<String, String> getTmpMap() {
-		return tmpMap;
+	@JSONField(serialize=false)//表明不序列号该字段
+	public HashMap<String, HeaderEntry> getSetCookieMap() {
+		return setCookieMap;
+	}
+	@JSONField(serialize=false)//表明不序列号该字段
+	public void setSetCookieMap(HashMap<String, HeaderEntry> setCookieMap) {
+		this.setCookieMap = setCookieMap;
+	}
+	@JSONField(serialize=false)//表明不序列号该字段
+	public HeaderEntry getUsedCookie() {
+		return usedCookie;
+	}
+	@JSONField(serialize=false)//表明不序列号该字段
+	public void setUsedCookie(HeaderEntry usedCookie) {
+		this.usedCookie = usedCookie;
 	}
 
-	public void setTmpMap(HashMap<String, String> tmpMap) {
-		this.tmpMap = tmpMap;
-	}	
-	
 	@JSONField(serialize=false)//表明不序列号该字段
 	public String ToJson(){//注意函数名称，如果是get set开头，会被认为是Getter和Setter函数，会在序列化过程中被调用。
 		return JSONObject.toJSONString(this);

src/burp/File_Payload_Menu.java src/hackbar/File_Payload_Menu.javasrc/burp/File_Payload_Menu.java renamed to src/hackbar/File_Payload_Menu.java

@@ -1,9 +1,13 @@
-package burp;
+package hackbar;
 
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
 import javax.swing.JMenu;
 
+import burp.BurpExtender;
+import burp.IHttpRequestResponse;
+import burp.Methods;
+
 
 /**
  *
@@ -26,7 +30,7 @@ public class File_Payload_Menu extends JMenu {
 			{"PDF XSS"}
 	};//TODO
 
-	File_Payload_Menu(BurpExtender burp){
+	public File_Payload_Menu(BurpExtender burp){
 		this.setText("File Payload");
 		this.myburp = burp;
 		Methods.Create_Main_Menu(this, Second_Menu, Third_MenuItems, new File_Upload_Menu_ItemListener(myburp));

src/burp/LFI_Menu.java src/hackbar/LFI_Menu.javasrc/burp/LFI_Menu.java renamed to src/hackbar/LFI_Menu.java

@@ -3,13 +3,17 @@
  * To change this template file, choose Tools | Templates
  * and open the template in the editor.
  */
-package burp;
+package hackbar;
 
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
 import java.util.Arrays;
 import javax.swing.JMenu;
 
+import burp.BurpExtender;
+import burp.IHttpRequestResponse;
+import burp.Methods;
+
 /**
  *
  * @author abdul.wahab
@@ -26,7 +30,7 @@ public class LFI_Menu extends JMenu {
         {"C:\\boot.ini", "C:\\WINDOWS\\win.ini", "C:\\WINDOWS\\php.ini", "C:\\WINDOWS\\System32\\Config\\SAM", "C:\\WINNT\\php.ini", "C:\\xampp\\phpMyAdmin\\config.inc", "C:\\xampp\\phpMyAdmin\\phpinfo.php", "C:\\xampp\\phpmyadmin\\config.inc.php", "C:\\xampp\\apache\\conf\\httpd.conf", "C:\\xampp\\MercuryMail\\mercury.ini", "C:\\xampp\\php\\php.ini", "C:\\xampp\\phpMyAdmin\\config.inc.php", "C:\\xampp\\tomcat\\conf\\tomcat-users.xml", "C:\\xampp\\tomcat\\conf\\web.xml", "C:\\xampp\\sendmail\\sendmail.ini", "C:\\xampp\\webalizer\\webalizer.conf", "C:\\xampp\\webdav\\webdav.txt", "C:\\xampp\\apache\\logs\\error.log", "C:\\xampp\\apache\\logs\\access.log", "C:\\xampp\\FileZillaFTP\\Logs", "C:\\xampp\\FileZillaFTP\\Logs\\error.log", "C:\\xampp\\FileZillaFTP\\Logs\\access.log", "C:\\xampp\\MercuryMail\\LOGS\\error.log", "C:\\xampp\\MercuryMail\\LOGS\\access.log", "C:\\xampp\\mysql\\data\\mysql.err", "C:\\xampp\\sendmail\\sendmail.log"}
         };
 
-    LFI_Menu(BurpExtender burp){
+    public LFI_Menu(BurpExtender burp){
         this.setText("LFI");
         this.myburp = burp;
         Methods.Create_Main_Menu(this, LFI_Menu, LFIMenuItems, new LFIItemListener(myburp));